How can you run GUI applications in a Docker container?
Are there any images that set up vncserver or something so that you can - for example - add an e
I'm late to the party, but for Mac users who don't want to go down the XQuartz path, here is a working example that builds a Fedora image with a desktop environment (xfce) using Xvfb and VNC. It's simple, and works:
On a Mac, you can just access it using the Screen Sharing (default) application, connecting to localhost:5901.
Dockerfile:
FROM fedora
USER root
# Set root password, so I know it for the future
RUN echo "root:password123" | chpasswd
# Install Java, Open SSL, etc.
RUN dnf update -y --setopt=deltarpm=false \
&& dnf install -y --setopt=deltarpm=false \
openssl.x86_64 \
java-1.8.0-openjdk.x86_64 \
xorg-x11-server-Xvfb \
x11vnc \
firefox \
@xfce-desktop-environment \
&& dnf clean all
# Create developer user (password: password123, uid: 11111)
RUN useradd -u 11111 -g users -d /home/developer -s /bin/bash -p $(echo password123 | openssl passwd -1 -stdin) developer
# Copy startup script over to the developer home
COPY start-vnc.sh /home/developer/start-vnc.sh
RUN chmod 700 /home/developer/start-vnc.sh
RUN chown developer:users /home/developer/start-vnc.sh
# Expose VNC, SSH
EXPOSE 5901 22
# Set up VNC Password and DisplayEnvVar to point to Display1Screen0
USER developer
ENV DISPLAY :1.0
RUN mkdir ~/.x11vnc
RUN x11vnc -storepasswd letmein ~/.x11vnc/passwd
WORKDIR /home/developer
CMD ["/home/developer/start-vnc.sh"]
start-vnc.sh
#!/bin/sh
Xvfb :1 -screen 0 1024x768x24 &
sleep 5
x11vnc -noxdamage -many -display :1 -rfbport 5901 -rfbauth ~/.x11vnc/passwd -bg
sleep 2
xfce4-session &
bash
# while true; do sleep 1000; done
Check the linked readme for build and run commands if you want/need.
The other solutions should work, but here is a solution for docker-compose.
To fix that error, you need to pass $DISPLAY and .X11-unix to docker, as well as grant the user who started docker access to xhost.
Within the docker-compose.yml file:
version: '2'
services:
  node:
    build: .
    container_name: node
    environment:
      - DISPLAY
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
In terminal or script:
xhost +si:localuser:$USER
xhost +local:docker
export DISPLAY=$DISPLAY
docker-compose up
Yet another answer in case you already built the image:
invoke docker w/o sudo (How to fix docker: Got permission denied issue)
share the same USER & home & passwd between host and container (tip: use the user id instead of the user name)
the dev folder for driver dependent libs to work well
plus X11 forward.
docker run --name=CONTAINER_NAME --network=host --privileged \
-v /dev:/dev \
-v `echo ~`:/home/${USER} \
-p 8080:80 \
--user=`id -u ${USER}` \
--env="DISPLAY" \
--volume="/etc/group:/etc/group:ro" \
--volume="/etc/passwd:/etc/passwd:ro" \
--volume="/etc/shadow:/etc/shadow:ro" \
--volume="/etc/sudoers.d:/etc/sudoers.d:ro" \
--volume="/tmp/.X11-unix:/tmp/.X11-unix:rw" \
-it REPO:TAG /bin/bash
You may ask, what's the point of using docker if so many things are the same? Well, one reason I can think of is to overcome package dependency hell (https://en.wikipedia.org/wiki/Dependency_hell).
So this type of usage is more suitable for developers, I think.
Xauthority becomes an issue with newer systems. I can either discard any protection with xhost + before running my docker containers, or I can pass in a well prepared Xauthority file. Typical Xauthority files are hostname specific. With docker, each container can have a different host name (set with docker run -h), but even setting the hostname of the container identical to the host system did not help in my case. xeyes (I like this example) simply would ignore the magic cookie and pass no credentials to the server. Hence we get an error message 'No protocol specified Cannot open display'
The Xauthority file can be written in a way so that the hostname does not matter. We need to set the Authentication Family to 'FamilyWild'. I am not sure if xauth has a proper command line for this, so here is an example that combines xauth and sed to do that. We need to change the first 16 bits of the nlist output. The value of FamilyWild is 65535 or 0xffff.
docker build -t xeyes - << __EOF__
FROM debian
RUN apt-get update
RUN apt-get install -qqy x11-apps
ENV DISPLAY :0
CMD xeyes
__EOF__
XSOCK=/tmp/.X11-unix
XAUTH=/tmp/.docker.xauth
xauth nlist :0 | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
docker run -ti -v $XSOCK:$XSOCK -v $XAUTH:$XAUTH -e XAUTHORITY=$XAUTH xeyes
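To see what the sed step in the answer above actually changes, here is an added example (not part of the original answer) that decodes an `xauth nlist` line and applies the same family rewrite only after the line validates. The function names and the sample entry are constructed for illustration; the handling of zero-length fields is an assumption noted in the code.

```python
import re

# Family codes from the X11 headers; the page gives FamilyWild = 0xffff.
FAMILIES = {0x0000: "FamilyInternet", 0x0006: "FamilyInternet6",
            0x0100: "FamilyLocal", 0xFFFF: "FamilyWild"}
HEX4 = re.compile(r"[0-9a-fA-F]{4}")

def parse_nlist(line):
    """Decode one `xauth nlist` line: family, then four length-prefixed fields."""
    tokens = line.split()
    if not tokens or not HEX4.fullmatch(tokens[0]):
        raise ValueError("line does not start with a 16-bit family field")
    entry = {"family": int(tokens[0], 16)}
    pos = 1
    for field in ("address", "number", "name", "data"):
        if pos >= len(tokens) or not HEX4.fullmatch(tokens[pos]):
            raise ValueError(f"missing length for {field}")
        length = int(tokens[pos], 16)
        pos += 1
        value = b""
        # Assumption: a zero-length field is not followed by a data token.
        if length and pos < len(tokens):
            value = bytes.fromhex(tokens[pos])
            pos += 1
        if len(value) != length:
            raise ValueError(f"{field}: expected {length} bytes, got {len(value)}")
        entry[field] = value
    if pos != len(tokens):
        raise ValueError("unexpected trailing tokens")
    return entry

def to_wild(line):
    """The page's sed 's/^..../ffff/', applied only after the line validates."""
    line = line.strip()
    parse_nlist(line)
    return "ffff" + line[4:]

def describe(line):
    """Summarise an entry without echoing the cookie bytes."""
    e = parse_nlist(line)
    family = FAMILIES.get(e["family"], hex(e["family"]))
    return (f"{family} addr={e['address'].decode(errors='replace')!r} "
            f"display={e['number'].decode()} auth={e['name'].decode()} "
            f"cookie={len(e['data'])} bytes")

# Constructed sample entry (hostname "host", display 0, dummy 16-byte cookie).
SAMPLE = " ".join(["0100", "0004", b"host".hex(), "0001", b"0".hex(),
                   "0012", b"MIT-MAGIC-COOKIE-1".hex(),
                   "0010", bytes(range(16)).hex()])

if __name__ == "__main__":
    print(describe(SAMPLE))
    print(describe(to_wild(SAMPLE)))
```

Only the family field differs between the two entries; the cookie bytes are identical, so the file written to $XAUTH is as sensitive as the host's own .Xauthority.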
Docker with BRIDGE network. For Ubuntu 16.04 with display manager lightdm:
cd /etc/lightdm/lightdm.conf.d
sudo nano user.conf
[Seat:*]
xserver-allow-tcp=true
xserver-command=X -listen tcp
You can use more private permissions
xhost +
docker run --volume="$HOME/.Xauthority:/root/.Xauthority:rw" --env="DISPLAY=$HOST_IP_IN_BRIDGE_NETWORK:0" --net=bridge $container_name
I just found this blog entry and want to share it here with you because I think it is the best way to do it and it is so easy.
http://fabiorehm.com/blog/2014/09/11/running-gui-apps-with-docker/
PROS:
+ no x server stuff in the docker container
+ no vnc client/server needed
+ no ssh with x forwarding
+ much smaller docker containers
CONS:
- using x on the host (not meant for secure-sandboxing)
In case the link fails someday, I have put the most important part here:
dockerfile:
FROM ubuntu:14.04
RUN apt-get update && apt-get install -y firefox
# Replace 1000 with your user / group id
RUN export uid=1000 gid=1000 && \
mkdir -p /home/developer && \
echo "developer:x:${uid}:${gid}:Developer,,,:/home/developer:/bin/bash" >> /etc/passwd && \
echo "developer:x:${uid}:" >> /etc/group && \
echo "developer ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/developer && \
chmod 0440 /etc/sudoers.d/developer && \
chown ${uid}:${gid} -R /home/developer
USER developer
ENV HOME /home/developer
CMD /usr/bin/firefox
build the image:
docker build -t firefox .
and the run command:
docker run -ti --rm \
-e DISPLAY=$DISPLAY \
-v /tmp/.X11-unix:/tmp/.X11-unix \
firefox
of course you can also do this in the run command with sh -c "echo script-here"
HINT: for audio take a look at: https://stackoverflow.com/a/28985715/2835523